Information Security Policies
We maintain formal security policies and procedures covering: - Vulnerability Management - Secure Development Lifecycle (SDLC) - Data Retention & Privacy - Access Control - Incident Response - Acceptable Use
These policies are communicated to all employees and contractors as part of the onboarding process and through ongoing awareness programs.
Roles and Responsibilities
Security responsibilities are clearly defined for all employees, contractors, and third-parties. Access to customer data is restricted on a "need to access" basis . A designated Security Officer is responsible for overseeing our security program and handling incident notifications.
Compliance and Certifications
We leverage AWS infrastructure which is certified for ISO/IEC 27001:2013 . We are currently undergoing a Cyber Resilience Act (CRA) compliance initiative and engage external cybersecurity auditors for compliance validation. We are exploring additional certifications, such as SOC 2, to meet growing enterprise requirements.